ufw can be installed from [community]. If you don't already have iptables installed, it will be pulled in as a dependency.

You need to include ufw in your daemons array in rc.conf. Do not include the iptables daemon because it simply loads an iptables ruleset from /etc/iptables/.


Revision as of 03:03, 22 July 2011

Uncomplicated firewall (ufw) is a simple frontend for iptables and is available in [community]. The next two sections are simply high-level explanations and examples. Users are encouraged to consult the Ubuntu Firewall Help page for additional details.

The next line is only needed once, the first time you install the package. From then on, either put ufw in your daemons array in rc.conf or control it via the standard rc.d script (i.e. rc.d start ufw):

Adding Other Applications

The PKG comes with some defaults based on the default ports of many common daemons and programs. Inspect the options by looking in the /etc/ufw/applications.d directory or by listing them in the program itself:

# ufw app list

If users are running any of the applications on a non-standard port, it is recommended to simply create a separate file containing the needed data, using the defaults as a guide.

Warning: If users modify any of the PKG-provided rule sets, the changes will be overwritten the first time the ufw package is updated. This is why custom app definitions need to reside in a non-PKG file as recommended above!

Rate Limiting with ufw

ufw has the ability to deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. Users should consider using this option for services such as sshd.

Using the above basic configuration, to enable rate limiting we would simply replace the allow parameter with the limit parameter. The new rule will then replace the previous one.
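The threshold described above (6 or more connection attempts from one address within 30 seconds) can be explored with a small model. This is an added example, not part of the original page and not ufw's or iptables' own code: the function names are hypothetical, the sample attempts are constructed, and the model assumes that denied attempts also count toward the window.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30   # "in the last 30 seconds", from the text above
HIT_LIMIT = 6         # "6 or more connections", from the text above


def apply_limit(attempts, window=WINDOW_SECONDS, limit=HIT_LIMIT):
    """Return (timestamp, ip, verdict) for each (timestamp, ip) attempt.

    Assumption of this model: every attempt counts toward the window,
    including attempts that were themselves denied.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    verdicts = []
    for ts, ip in sorted(attempts):
        seen = recent[ip]
        # Forget attempts that have aged out of the window.
        while seen and ts - seen[0] >= window:
            seen.popleft()
        seen.append(ts)
        verdict = "DENY" if len(seen) >= limit else "ALLOW"
        verdicts.append((ts, ip, verdict))
    return verdicts


def denied_sources(attempts):
    """Set of source addresses that hit the limit at least once."""
    return {ip for _, ip, v in apply_limit(attempts) if v == "DENY"}


# Constructed sample data (seconds, source address); documentation-range IPs.
SAMPLE = (
    # A password-guessing client: one new connection every 2 seconds.
    [(t, "203.0.113.7") for t in range(0, 20, 2)]
    # An administrator: a handful of logins spread over several minutes.
    + [(t, "198.51.100.4") for t in (1, 15, 40, 95, 200)]
    # The guessing client again after staying quiet for a full window.
    + [(60, "203.0.113.7")]
)

if __name__ == "__main__":
    for ts, ip, verdict in apply_limit(SAMPLE):
        print(f"t={ts:>3}s  {ip:<13} {verdict}")
```

In this model the sixth attempt inside the window is the first one denied, and the address is accepted again only after it has been quiet long enough for earlier attempts to age out.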